Toolkit addresses data privacy minefield

A new toolkit that helps businesses through the data privacy minefield reflects concern about data privacy following recent GDPR legislation in Europe.  ​

A data privacy toolkit has been released to help New Zealand businesses manage and protect personally identifiable employee as well as customer data, as tough international rules about information security send ripples around the world.

The launch by Auckland based Data Insight, a business insights and analytics specialist, reflects growing concern about data privacy following last year’s GDPR legislation in Europe.  

The governance over collecting and using personally identifiable data is a key focus of the current review of the New Zealand Privacy Act, however, until now the focus on breaches has mostly related to customer data, and not that of employees.

Claire Bonham-Holden (pictured), General Manager Data Insights, says the mismanagement of employee information can result in businesses falling into hot water without realising it.

“A common misconception is privacy only relates to customers when in reality, the law governs any and all data relating to individuals, and often this is sensitive information held about employees.

“An issue has grown as the drive for productivity and increasing speed of work means we are all using platforms where sharing and collaboration is part of the process – it’s great for workflow but there’s a downside,” she says.

“In many situations template documents are used where general information remains the same and facts change for different situations.  Sometimes, this can include sensitive detail such as salary, health, financial or disciplinary actions and can lead to breaches because revisions can be searched.

“This is increasingly common, partly because management is focused on the need for speed and productivity, there’s a lack of understanding about the dangers of compromising personal privacy.  

“Most will fall into this unknowingly but it’s a company’s responsibility to ensure all employees are acting appropriately,” she says.

Every year hundreds of data breaches are reported to the NZ Privacy Commission including when personal electronic information had been sent to the wrong recipient.  These can have significant financial implications as well as damaging reputation with customers. Any compromise of employee personal information can also impact an organisation’s culture and degree of trust in management.

Claire Bonham-Holden continues by highlighting the new toolkit helps business understand the risk and the potential for damage:

“It starts with a review of the data held, where it is stored, how it’s used and shared, after which a security score is provided along with suggestions about improvements.

“It’s a practical data housekeeping process to help companies avoid getting burned.  The result is a Risk Register that keeps track of all data and ensures appropriate policy and procedures are in place,” she says.

To learn more about the Data Insights toolkit go to: https://datainsight.co.nz/the-data-privacy-toolkit